////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2013 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.data.entities;

import java.util.Calendar;
import java.util.List;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import javax.validation.constraints.Size;

import org.codehaus.jackson.annotate.JsonIgnore;

@Entity
@Table(name = "Vulnerability")
public class Vulnerability extends BaseEntity {

	private static final long serialVersionUID = 8339606486988417904L;

	private Application application;
	private Defect defect;
	private GenericVulnerability genericVulnerability;
	private GenericSeverity genericSeverity;
	private SurfaceLocation surfaceLocation;
	
	@Size(max = 128, message = "{errors.maxlength} 128.")
	private String variableHash;
	
	@Size(max = 128, message = "{errors.maxlength} 128.")
	private String locationVariableHash;
	
	@Size(max = 128, message = "{errors.maxlength} 128.")
	private String locationHash;
	
	private boolean active = true;
	private boolean isFalsePositive = false;
	private Calendar wafRuleGeneratedTime;
	private Calendar defectSubmittedTime;
	private Calendar defectClosedTime;
	private Calendar openTime;
	private Calendar closeTime;
	private boolean foundByScanner = true;
	private boolean expired = false;

	private List<Audit> audits;
	private List<Finding> findings;
	private List<WafRule> wafRules;
	private List<VulnerabilityComment> comments;
	
	private List<ScanCloseVulnerabilityMap> scanCloseVulnerabilityMaps;
	private List<ScanReopenVulnerabilityMap> scanReopenVulnerabilityMaps;
	
	private Finding originalFinding = null;

	@ManyToOne
	@JoinColumn(name = "applicationId")
	@JsonIgnore
	public Application getApplication() {
		return application;
	}

	public void setApplication(Application application) {
		this.application = application;
	}
	
	@OneToMany(mappedBy = "vulnerability", cascade = CascadeType.ALL)
	@JsonIgnore
	public List<ScanCloseVulnerabilityMap> getScanCloseVulnerabilityMaps() {
		return scanCloseVulnerabilityMaps;
	}

	public void setScanCloseVulnerabilityMaps(List<ScanCloseVulnerabilityMap> scanCloseVulnerabilityMaps) {
		this.scanCloseVulnerabilityMaps = scanCloseVulnerabilityMaps;
	}
	
	@OneToMany(mappedBy = "vulnerability", cascade = CascadeType.ALL)
	@JsonIgnore
	public List<ScanReopenVulnerabilityMap> getScanReopenVulnerabilityMaps() {
		return scanReopenVulnerabilityMaps;
	}

	public void setScanReopenVulnerabilityMaps(List<ScanReopenVulnerabilityMap> scanReopenVulnerabilityMaps) {
		this.scanReopenVulnerabilityMaps = scanReopenVulnerabilityMaps;
	}

	@ManyToOne
	@JoinColumn(name = "defectId")
	@JsonIgnore
	public Defect getDefect() {
		return defect;
	}

	public void setDefect(Defect defect) {
		this.defect = defect;
	}

	@ManyToOne
	@JoinColumn(name = "genericVulnerabilityId")
	public GenericVulnerability getGenericVulnerability() {
		return genericVulnerability;
	}

	public void setGenericVulnerability(GenericVulnerability genericVulnerability) {
		this.genericVulnerability = genericVulnerability;
	}

	@ManyToOne
	@JoinColumn(name = "genericSeverityId")
	public GenericSeverity getGenericSeverity() {
		return genericSeverity;
	}

	public void setGenericSeverity(GenericSeverity genericSeverity) {
		this.genericSeverity = genericSeverity;
	}

	@Column(length = 128, nullable = true)
	@JsonIgnore
	public String getVariableHash() {
		return variableHash;
	}

	public void setVariableHash(String variableHash) {
		this.variableHash = variableHash;
	}

	@Column(length = 128, nullable = true)
	@JsonIgnore
	public String getLocationVariableHash() {
		return locationVariableHash;
	}

	public void setLocationVariableHash(String locationVariableHash) {
		this.locationVariableHash = locationVariableHash;
	}

	@Column(length = 128, nullable = true)
	@JsonIgnore
	public String getLocationHash() {
		return locationHash;
	}

	public void setLocationHash(String locationHash) {
		this.locationHash = locationHash;
	}

	@Column(nullable = false)
	public boolean isActive() {
		return active;
	}

	public void setActive(boolean isActive) {
		this.active = isActive;
	}
	
	@Column(nullable = false)
	public boolean getIsFalsePositive() {
		return isFalsePositive;
	}

	public void setIsFalsePositive(boolean isFalsePositive) {
		this.isFalsePositive = isFalsePositive;
	}

	@Temporal(TemporalType.TIMESTAMP)
	@JsonIgnore
	public Calendar getWafRuleGeneratedTime() {
		return wafRuleGeneratedTime;
	}

	public void setWafRuleGeneratedTime(Calendar wafRuleGeneratedTime) {
		this.wafRuleGeneratedTime = wafRuleGeneratedTime;
	}

	@Temporal(TemporalType.TIMESTAMP)
	@JsonIgnore
	public Calendar getDefectSubmittedTime() {
		return defectSubmittedTime;
	}

	public void setDefectSubmittedTime(Calendar defectSubmittedTime) {
		this.defectSubmittedTime = defectSubmittedTime;
	}

	@Temporal(TemporalType.TIMESTAMP)
	@JsonIgnore
	public Calendar getDefectClosedTime() {
		return defectClosedTime;
	}

	public void setDefectClosedTime(Calendar defectClosedTime) {
		this.defectClosedTime = defectClosedTime;
	}
	
	// this should just point to the surface location that the vulnerability was created with.
	@ManyToOne
	@JoinColumn(name = "surfaceLocationId")
	public SurfaceLocation getSurfaceLocation() {
		return surfaceLocation;
	}

	public void setSurfaceLocation(SurfaceLocation surfaceLocation) {
		this.surfaceLocation = surfaceLocation;
	}

	@Temporal(TemporalType.TIMESTAMP)
	public Calendar getOpenTime() {
		return openTime;
	}

	public void setOpenTime(Calendar openTime) {
		this.openTime = openTime;
	}

	@Temporal(TemporalType.TIMESTAMP)
	public Calendar getCloseTime() {
		return closeTime;
	}

	public void setCloseTime(Calendar closeTime) {
		this.closeTime = closeTime;
	}

	@Column(nullable = false)
	@JsonIgnore
	public boolean isExpired() {
		return expired;
	}

	public void setExpired(boolean isExpired) {
		this.expired = isExpired;
	}
	
	/**
	 * This indicates whether the user has closed the vulnerability.
	 * @return
	 */
	@Column(nullable = false)
	@JsonIgnore
	public boolean isFoundByScanner() {
		return foundByScanner;
	}
	
	public void setFoundByScanner(boolean isFoundByScanner) {
		this.foundByScanner = isFoundByScanner;
	}

	@OneToMany(mappedBy = "vulnerability")
	@JsonIgnore
	public List<Audit> getAudits() {
		return audits;
	}

	public void setAudits(List<Audit> audits) {
		this.audits = audits;
	}

	@OneToMany(mappedBy = "vulnerability")
	@JsonIgnore
	public List<Finding> getFindings() {
		return findings;
	}

	public void setFindings(List<Finding> findings) {
		this.findings = findings;
	}
	
	@OneToMany(mappedBy = "vulnerability")
	@JsonIgnore
	public List<VulnerabilityComment> getVulnerabilityComments() {
		return comments;
	}
	
	public void setVulnerabilityComments(List<VulnerabilityComment> comments) {
		this.comments = comments;
	}

	@OneToMany(mappedBy = "vulnerability", cascade = CascadeType.ALL)
	@JsonIgnore
	public List<WafRule> getWafRules() {
		return wafRules;
	}

	public void setWafRules(List<WafRule> wafRules) {
		this.wafRules = wafRules;
	}
	
	@Transient
	public void closeVulnerability(Scan scan, Calendar closeTime) {
		active = false;
		if (closeTime == null)
			this.closeTime = Calendar.getInstance();
		else
			this.closeTime = closeTime;
		
		// This constructor maps the objects for us
		if (scan != null) {
			new ScanCloseVulnerabilityMap(this, scan);
		}
	}

	@Transient
	@JsonIgnore
	public void openVulnerability(Calendar openTime) {
		active = true;
		if (openTime == null)
			this.openTime = Calendar.getInstance();
		else
			this.openTime = openTime;
	}
	
	@Transient
	@JsonIgnore
	public void reopenVulnerability(Scan scan, Calendar openTime) {
		active = true;
		if (openTime == null)
			this.openTime = Calendar.getInstance();
		else
			this.openTime = openTime;
		
		// This constructor maps the objects for us
		if (scan != null) {
			new ScanReopenVulnerabilityMap(this, scan);
		}
	}

	@Transient
	@JsonIgnore
	public int getNoOfSecurityEvents() {
		int numEvents = 0;
		for (WafRule wafRule : wafRules)
			numEvents += wafRule.getSecurityEvents().size();

		return numEvents;
	}

	@Transient
	@JsonIgnore
	public String getIsOpen() {
		return isActive() ? "OPEN" : "CLOSED";
	}
	
	/**
	 * This method is for reporting to help ensure that we aren't counting vulns more than once.
	 */
	@Transient
	@JsonIgnore
	public Finding getOriginalFinding() {
		if (originalFinding == null && getFindings() != null) {
			for (Finding finding : getFindings()) {
				if (finding == null)
					continue;
				
				if (finding.isFirstFindingForVuln()) {
					originalFinding = finding;
					break;
				}
			}
		}
		return originalFinding;
	}
}
